Malicious DLL File Dropped in the Teams or OneDrive Folder (1908fcc1-1b92-4272-8214-0fbaf2fa5163)

Detects creation of a malicious DLL file in the Teams or OneDrive application folder. Upon execution of the Teams or OneDrive application, the dropped malicious DLL file (“iphlpapi.dll”) is sideloaded.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Malicious DLL File Dropped in the Teams or OneDrive Folder (1908fcc1-1b92-4272-8214-0fbaf2fa5163) | Sigma-Rules | DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) | Attack Pattern | 1 |
| DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) | Attack Pattern | Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) | Attack Pattern | 2 |